CM-6Configuration Settings STRIDE-LM
    (1)Automated Management, Application, and Verification   STRIDE-LM
    (2)Respond to Unauthorized Changes   STRIDE-LM
    CM-7Least Functionality STRIDE-LM
    (1)Periodic Review  STRIDE-LM
    (2)Prevent Program Execution  STRIDE-LM
    (3)Registration Compliance    STRIDE-LM
    (4)Unauthorized Software    STRIDE-LM
    (5)Authorized Software  STRIDE-LM
    (6)Confined Environments with Limited Privileges    STRIDE-LM
    (7)Code Execution in Protected Environments    STRIDE-LM
    (8)Binary or Machine Executable Code    STRIDE-LM
    (9)Prohibiting The Use of Unauthorized Hardware    STRIDE-LM
    CM-8System Component Inventory STRIDE-LM
    (1)Updates During Installation and Removal  STRIDE-LM
    (2)Automated Maintenance   STRIDE-LM
    (3)Automated Unauthorized Component Detection  STRIDE-LM
    (4)Accountability Information   STRIDE-LM
    (6)Assessed Configurations and Approved Deviations    STRIDE-LM
    (7)Centralized Repository    STRIDE-LM
    (8)Automated Location Tracking    STRIDE-LM
    (9)Assignment of Components to Systems    STRIDE-LM
    CM-9Configuration Management Plan  STRIDE-LM
    (1)Assignment of Responsibility    STRIDE-LM
    CM-10Software Usage Restrictions STRIDE-LM
    (1)Open-source Software    STRIDE-LM
    CM-11User-installed Software STRIDE-LM
    (2)Software Installation with Privileged Status    STRIDE-LM
    (3)Automated Enforcement and Monitoring    STRIDE-LM
    CM-12Information Location  STRIDE-LM
    (1)Automated Tools to Support Information Location  STRIDE-LM
    CM-13Data Action Mapping    STRIDE-LM
    CM-14Signed Components    STRIDE-LM
    CP-1Policy and Procedures STRIDE-LM
    CP-2Contingency Plan STRIDE-LM
    (1)Coordinate with Related Plans  STRIDE-LM
    (2)Capacity Planning   STRIDE-LM
    (3)Resume Mission and Business Functions  STRIDE-LM
    (5)Continue Mission and Business Functions   STRIDE-LM
    (6)Alternate Processing and Storage Sites    STRIDE-LM
    (7)Coordinate with External Service Providers    STRIDE-LM
    (8)Identify Critical Assets  STRIDE-LM
    CP-3Contingency Training STRIDE-LM
    (1)Simulated Events   STRIDE-LM
    (2)Mechanisms Used in Training Environments    STRIDE-LM
    CP-4Contingency Plan Testing STRIDE-LM
    (1)Coordinate with Related Plans  STRIDE-LM
    (2)Alternate Processing Site   STRIDE-LM
    (3)Automated Testing    STRIDE-LM
    (4)Full Recovery and Reconstitution    STRIDE-LM